Project

General

Profile

Actions
Copy link

Feature #32766

closed

Remove the URI limitation from external markdown links

Added by Simon Busse over 4 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Text formatting
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed

Description

Problem (usecase)
The Markdown Module of Redmine limits the possible URIs in markdown written links (RedmineTextFormattingMarkdown). But for us it is a very important feature to be able to link directly from Redmine to other apps. Therefore we need to be able to set links e.g. with the URI zpl://... (zeplin.io App on MacOS). With Textile this is possible, but not with Markdown.
IMHO the security gain of the limitation is small, especially since there is no limitation with Textile.

possible solution
Remove the URI limitation in Markdown (/lib/redmine/helpers/uri.rb). Alternatively, the possible URIs could be made adjustable.

Related issues

Related to Redmine - Feature #32424: CommonMark Markdown Text FormattingClosedMarius BĂLTEANU

Actions
Actions
Copy link
 #1

Updated by Simon Busse over 4 years ago

As a note: for us we have solved the problem with a "fix" plugin (https://github.com/laborb/redmine_lab_uri_schemes).
Nevertheless I would consider a solution in the core to be useful.

Actions
Copy link
 #2

Updated by Declan Jackson almost 4 years ago

Simon Busse wrote:

As a note: for us we have solved the problem with a "fix" plugin (https://github.com/laborb/redmine_lab_uri_schemes).
Nevertheless I would consider a solution in the core to be useful.

It is nice to be here...

Actions
Copy link
 #3

Updated by Janeks Kamerovskis about 3 years ago

Declan Jackson wrote:

Simon Busse wrote:

As a note: for us we have solved the problem with a "fix" plugin (https://github.com/laborb/redmine_lab_uri_schemes).
Nevertheless I would consider a solution in the core to be useful.

It is nice to be here...

+1

Actions
Copy link
 #4

Updated by Martin Cizek about 3 years ago

In CommonMark formatting patch #32424, I've added Redmine::Helpers::URL#uri_with_link_safe_scheme? method.

If it were applied, the fix for the old Markdown formatting would be:

--- a/lib/redmine/wiki_formatting/markdown/formatter.rb
+++ b/lib/redmine/wiki_formatting/markdown/formatter.rb
@@ -27,7 +27,7 @@ module Redmine
         include Redmine::Helpers::URL

         def link(link, title, content)
-          return nil unless uri_with_safe_scheme?(link)
+          return nil unless uri_with_link_safe_scheme?(link)

           css = nil
           unless link && link.starts_with?('/')

This new helper method can then be used also to replace the hardcoded test in Textile (href.downcase.start_with?('javascript:')).

Actions
Copy link
 #5

Updated by Go MAEDA almost 3 years ago

  • Related to Feature #32424: CommonMark Markdown Text Formatting added
Actions
Copy link
 #6

Updated by Marius BĂLTEANU about 2 years ago

  • Status changed from New to Closed
  • Resolution set to Fixed

The old Markdown formatting based on RedCarpet is deprecated and it won't receive any fixes (excepting security issues). You should migrate to the new Markdown formatting based on CommonMark which is available in Redmine 5 (#32424).

I'm setting resolution fixed because this issue is fixed in CommonMark.

Actions
Copy link

Also available in: Atom PDF